BEIJING, December 14 (TMTPOST) - Chinese EV startup Xpeng Motors has been fined 1000,000 yuan (US$16,000) by the market regulation authority in Shanghai for collecting facial images of customers without consent.
Xpeng Motors reportedly collected 431,623 images of its customers by using surveillance cameras with facial recognition functions without prior consent from the customers.
“Our outlets in Shanghai wanted to collect and analyze the data of customer traffic to optimize our operation and better serve the customers,” Xpeng Motors told TMTPost. “Because of the lack of familiarity with the law, we made wrong judgments and procured services that violate relevant laws and regulations from a third-party supplier (Ulucu).”
Xpeng Motors said that they had already conducted internal evaluations and removed all data-collecting devices before Shanghai Market Regulation Department’s inspection on March 18. Data that were collected by the software from a third-party supplier and relevant data analyses had all been deleted, the company said. According to Xpeng Motors, the company did not leak any personal data of its customers nor use them illegally. The company only used the customer traffic data as an indicator of its business operation.
Xpeng Motors stated that it agreed to the administrative penalty and would reflect on the matter.
The country’s Personal Data Protection Law went into effect in November 2021, specifying ground rules for data collection, usage and storage. The law also lays out requirements for companies outside of China that need to process data from the country, including passing a security assessment conducted by state authorities.
China’s Personal Data Protection Law clearly stipulates that data processors must acquire consent from individuals whose data would be collected before collecting data. In addition, data processors must inform and explain to individuals whose data were collected in clear and simple language as to how their personal data would be used. The legal clauses are easily accessible through a simple search on the Internet.
Personal data protection is a sensitive matter in China. Illegal collection of data has been prevalent in the country. Users’ information and data are often collected without consent and are sold for profits.
In a survey conducted by the Institute of Law of the Chinese Academy of Social Sciences, 42.5% of the respondents said that they had encountered situations where their personal data were misused.